Thanks Kelly,
That was very interesting. I've been reading other articles about the same thing, but so much is still unresolvable.
I think we should working at making what we have, SMTP, work since that is THE protocol. Changing a computer program is one thing, but changing a whole protocol seems extreme. So, it "trusts", this is cool. There should be methods for authentication before the SMTP protocol is even called into play. And there already are such methods.
But the big hold up on making SPAM stop is the money. Just follow the money trail...it points to people. The problem isn't really that it costs too much to fix SPAM, it's that it pays so well to enable it.
I really don't want the government messing things up with their "fixes", but there should be some method of deterrence and the resulting justice for those who aren't deterred, could be applied by those who are harmed or abused. If ALL system admins had a clue and cared even just a little, they would ALL close up their systems so that some form of existing authentication was necessary to process an individual's mail. If that individual then abused the process, their "punishment" should be swift and severe. If the authentication was required at the first "hop", starting with the individual, then all the machines used to forward the message where it needed to go could do so uninhibited. Many of the first "hops" don't do this authentication..either because they're ignorant, lazy, or getting rich. The damaged/abused parties should be allowed to do whatever is necessary to protect their systems from abuse, even if it means blacklisting whole blocks of IPs. If the owner of an IP won't listen to reason, then go to the next level of ownership up. If whole ISPs became invisible on the internet, SPAM might start costing more than it's worth.
I know, I know...whole ISP are already blocked...and some even block whole countries..(
I blocked all of Australia once in my "zeal"). But truly, if everyone was of the same mind about SPAM...and say EVERYONE blocked Korea for just a month...isn't it concievable that Korea would learn a lesson and tighten up their machines? The government's role in this is to insure fairness...protect my right to block a harmful system and insure that innocents are given a chance to prove their case. Our government has little/no control outside our borders..and I sure don't want some little p*ss ant government setting my rules. Government's role should be limited.
My machine functions at the fullest capabilites of the SMTP protocol...yet, it is not a part of the problem. It authenticates those who wish to initiate their e-mail from this server, and it accepts mail from the Internet at large, in other words it trusts those who should have implemented an auth scheme. There lies the rub. If my users are caught abusing the system, they are immediately history..no one has ever done this on my system..hopefully, no one ever will. If EVERY machine would authenticate that first right to pass, and ALL admins had a firm/strict policy...the abuse would go away. As it is, money is the excuse. But, such a scheme would allow for mailing lists, long lost friends who write from the blue, advertising sent to those who wish it...it just all hinges on a person's willingness to obey the rules. Since we know the world is full of people who don't obey, the punishments should be sufficent to engender cooperation.
*grin...my Criminal Justice philosophies might begin to show.
*grin, Kelly, did you leave that soapbox for me? I'm through with it now, but if you drag it back out and label it SPAM, security or viruses, I'll step back up..thanks..
see ya,
edited for typos/clarity..
